package com.lg.cms.config;

import com.lg.cms.shiro.*;
import com.lg.cms.service.PermissionService;
import com.lg.cms.shiro.filter.LoginUriFilter;
import com.lg.cms.shiro.filter.RoleFilter;
import com.lg.cms.shiro.realm.AdminRealm;
import com.lg.cms.shiro.realm.UserRealm;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.servlet.Filter;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/**
 * @Description: cms
 * @Author: wuyuhang
 * @create: 2020-09-28 14:57
 */
@Slf4j
@Configuration
public class ShiroConfig{

    @Autowired
    PermissionService permissionService;

    /**
     * shiro创建过滤器工厂, shiro安全管理器放金过滤器工厂中
     * @param securityManager
     * @return
     */
    @Bean
    ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("securityManager") SecurityManager securityManager){
        ShiroFilterFactoryBean filterFactoryBean = new ShiroFilterFactoryBean();
        filterFactoryBean.setSecurityManager(securityManager);
        Map<String, Filter> filterMap = new HashMap<>();
        //设置未授权重定向
        filterFactoryBean.setUnauthorizedUrl("/error/403");
        //新增不同用户重定向过滤器
        filterMap.put("authc", new LoginUriFilter());
        filterMap.put("roles", new RoleFilter());
        filterFactoryBean.setFilters(filterMap);
        return filterFactoryBean;

    }

    /**
     * 创建shiro安全管理器, 用户自定义的realm需放入管理器内
     * @return
     */
    @Bean
    SecurityManager securityManager(){
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setAuthenticator(shiroRealmAuthenticator());
        List<Realm> realms = new ArrayList<>();
        //添加多个Realm
        realms.add(userRealm());
        realms.add(adminRealm());
        manager.setRealms(realms);
        return manager;
    }

    /**
     * 针对多realm使用自定义认证器
     * @return
     */
    @Bean
    ModularRealmAuthenticator shiroRealmAuthenticator(){
        ShiroRealmAuthenticator authenticator = new ShiroRealmAuthenticator();
        authenticator.setAuthenticationStrategy(new AtLeastOneSuccessfulStrategy());
        return authenticator;
    }

    /**
     * 获取用户自定义的realm(超级用户管理实现类)
     * @return
     */
    @Bean
    AdminRealm adminRealm(){
        log.info("加入superRealm到容器");
        return new AdminRealm();
    }

    /**
     * 获取用户自定义的realm(普通用户管理实现类)
     * @return
     */
    @Bean
    UserRealm userRealm(){
        return new UserRealm();
    }
}